Clear Windows Defender Antivirus exclusions with PowerShell
We want to remove Windows Defender Antivirus exclusions. The problem is that there are a lot of them, and removing them manually in the Microsoft virus & threat protection settings takes a long time because you can’t select multiple exclusions and remove them at once. PowerShell is a much better way to remove Windows Defender exclusions. So let’s look at the fastest way to clear Windows Defender Antivirus exclusions with PowerShell.
Microsoft Defender Antivirus
Microsoft Defender Antivirus (formerly Windows Defender) is the virus and threat protection software for Microsoft Windows. It is available in Windows 10, Windows 11, and in versions of Windows Server, and it is included by default with the Windows operating system. It can run alongside your non-Microsoft antivirus/antimalware product, in active mode, passive mode, and disabled mode.
When you go to the Windows Defender Antivirus exclusions, a list with all the exclusions shows up. Unfortunately, there is no select-all button or a checkbox to select the exclusions and remove them. Instead, there is only a Remove button for every exclusion.
Prepare clear Windows Defender Antivirus exclusions PowerShell script
Before you start, you want to place the files in the right place. We recommend creating two folders on the (C:) drive:
- Scripts
- Temp
Download the Clear-WindowsDefenderExcl.ps1 PowerShell script and place it in the C:\scripts folder. The script will export the logs to the C:\temp folder.
Ensure that the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Another option is to copy and paste the code below into Notepad. Give it the name Clear-WindowsDefenderExcl.ps1 and place it in the C:\scripts folder.
# PowerShell script to clear the ExclusionPath, ExclusionProcess, and ExclusionExtension
# associated with Windows Defender Antivirus

# Start transcript
$Logs = "C:\temp\Clear-WindowsDefenderExcl.txt"
Start-Transcript $Logs -Append -Force

# Get Windows Defender preferences (snapshot taken before anything is removed)
$x = Get-MpPreference

# Get exclusion path
if ($null -ne $x.ExclusionPath) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionPath entries:")
    foreach ($i in $x.ExclusionPath) {
        Remove-MpPreference -ExclusionPath $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionPath entries deleted:", $x.ExclusionPath.Count)
}
else {
    Write-Host("No ExclusionPath entries present. Skipping...")
}

# Get exclusion process
if ($null -ne $x.ExclusionProcess) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionProcess entries:")
    foreach ($i in $x.ExclusionProcess) {
        Remove-MpPreference -ExclusionProcess $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionProcess entries deleted:", $x.ExclusionProcess.Count)
}
else {
    Write-Host("No ExclusionProcess entries present. Skipping...")
}

# Get exclusion extension
if ($null -ne $x.ExclusionExtension) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionExtension entries:")
    foreach ($i in $x.ExclusionExtension) {
        Remove-MpPreference -ExclusionExtension $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionExtension entries deleted:", $x.ExclusionExtension.Count)
}
else {
    Write-Host("No ExclusionExtension entries present. Skipping...")
}

# Summary (counts come from the snapshot in $x)
Write-Host("================================================")
Write-Host("SUMMARY")
Write-Host($x.ExclusionPath.Count, "ExclusionPath entries deleted.")
Write-Host($x.ExclusionProcess.Count, "ExclusionProcess entries deleted.")
Write-Host($x.ExclusionExtension.Count, "ExclusionExtension entries deleted.")
Write-Host(($x.ExclusionPath.Count + $x.ExclusionProcess.Count + $x.ExclusionExtension.Count), "Total entries deleted")
Write-Host("")
Write-Host("Done.")

Stop-Transcript
- Line 5: Edit the transcript log path
Run clear Windows Defender Antivirus exclusions PowerShell script
To clear Windows Defender Antivirus exclusions:
- Run PowerShell as administrator
- Change the path to the scripts folder
- Run the PowerShell script to remove all exclusions from Windows Defender Antivirus
- Wait till the PowerShell script completes
PS C:\> cd c:\scripts
PS C:\scripts> .\Clear-WindowsDefenderExcl.ps1
Note: The Windows PowerShell console will show a list of the deleted exclusion entries and a summary with the total count. The same output is also written to a log file because the script starts a transcript.
This is an example of what it looks like after running the Clear-WindowsDefenderExcl.ps1 PowerShell script.
Verify Windows Defender Antivirus exclusions removal
You can always find the log output in the C:\temp folder and open the Clear-WindowsDefenderExcl.txt file.
Verify that the script successfully removed all the exclusions from Windows Defender Antivirus.
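The log only records what the script tried to remove, so the check above can also be done by reading the live configuration again. The following is an added example, not part of the original Clear-WindowsDefenderExcl.ps1 script: it lists any exclusions that are still present and marks the ones that also appear under the Group Policy exclusions key. The function name Get-RemainingDefenderExclusion is made up for this example, and the policy registry location is an assumption about where Group Policy stores its exclusions.

```powershell
# Added example, not part of Clear-WindowsDefenderExcl.ps1.
# Run in an elevated PowerShell session after the clear script has finished.

function Get-RemainingDefenderExclusion {    # hypothetical helper name
    # Assumption: exclusions delivered by Group Policy are stored as value
    # names under these subkeys of the Defender policy key.
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
    $subKeys = [ordered]@{
        ExclusionPath      = 'Paths'
        ExclusionProcess   = 'Processes'
        ExclusionExtension = 'Extensions'
    }

    # Read the configuration again instead of trusting the transcript
    $pref = Get-MpPreference

    foreach ($type in $subKeys.Keys) {
        $key = Get-Item -Path (Join-Path $policyRoot $subKeys[$type]) -ErrorAction SilentlyContinue
        $policyValues = if ($key) { $key.GetValueNames() } else { @() }

        foreach ($entry in $pref.$type) {
            if ([string]::IsNullOrEmpty($entry)) { continue }
            [pscustomobject]@{
                Type        = $type
                Value       = $entry
                # True: the same entry exists under the policy key
                SetByPolicy = $policyValues -contains $entry
            }
        }
    }
}

$remaining = @(Get-RemainingDefenderExclusion)
if ($remaining.Count -eq 0) {
    Write-Host 'No Windows Defender Antivirus exclusions remain.'
}
else {
    Write-Warning "$($remaining.Count) exclusion(s) still present:"
    $remaining | Format-Table -AutoSize
}
```

Entries shown with SetByPolicy set to True are pushed by policy and have to be removed there; removing them locally will not make them go away for good.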
Disable Windows Defender
If you want to disable or uninstall Windows Defender, read these articles:
- Turn off Windows Defender in Windows 10 permanently
- Turn off Windows Defender in Windows 11 permanently
- Uninstall Windows Defender on Windows Server
Conclusion
You learned how to clear Windows Defender Antivirus exclusions with PowerShell. It’s much faster to remove all exclusions with PowerShell than to remove them manually in the graphical user interface (GUI). Use the script and focus on other tasks.
That PowerShell script was fantastic!
Thank you.
Given other people were suggesting a fresh install of the OS this was great.